[ https://issues.apache.org/jira/browse/OFBIZ-9150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17011554#comment-17011554 ]

Jacques Le Roux commented on OFBIZ-9150:
----------------------------------------

Hi Junyuan,

What is the status here?

> Create a tool to hashes all our OOTB passwords using PBKDF2_SHA512
> ------------------------------------------------------------------
>
>                 Key: OFBIZ-9150
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9150
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: framework
>            Reporter: Jacques Le Roux
>            Priority: Minor
>
> Currently we use SHA1 for our OOTB password hashes and they are not salted.
> If you create new passwords they will still use SHA1 but they will be salted,
> which is good.
> But it would be better to provide SHA-512 OOTB hashes instead of SHA-1. And use
> SHA-512 as the default encrypting method (even for fields), with at least 10 000
> iterations, to lead our users to the best solution.
> We should also provide simple and easy documentation about that. So far we
> have this discussion http://markmail.org/message/yqybsqzigrqbyxgf
> I suggest improving/enhancing
> https://cwiki.apache.org/confluence/display/OFBIZ/How+to+secure+your+deployment



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
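
The difference the issue describes, between unsalted SHA-1 and salted PBKDF2 with SHA-512 at 10 000 iterations, as an added example that is not part of the original message and is not OFBiz code. The stored-record layout, the 16-byte salt and all function names are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 10_000          # minimum iteration count named in the issue
SALT_BYTES = 16              # assumption: salt length chosen for this example
PREFIX = "{PBKDF2-SHA512}"   # assumption: record label used only in this sketch


def legacy_sha1(password: str) -> str:
    """Unsalted SHA-1: equal passwords always give equal hashes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Return 'PREFIX<iterations>$<salt>$<derived key>' with a fresh random salt."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    enc = lambda b: base64.urlsafe_b64encode(b).decode("ascii")
    return f"{PREFIX}{iterations}${enc(salt)}${enc(dk)}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the key from the stored salt and count; compare in constant time."""
    if not stored.startswith(PREFIX):
        return False
    try:
        count, salt_s, dk_s = stored[len(PREFIX):].split("$")
        iterations = int(count)
        salt = base64.urlsafe_b64decode(salt_s)
        expected = base64.urlsafe_b64decode(dk_s)
    except ValueError:       # wrong field count, bad integer, bad base64
        return False
    if iterations < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)


def needs_rehash(stored: str) -> bool:
    """True for legacy records or records below the current iteration floor."""
    if not stored.startswith(PREFIX):
        return True
    try:
        return int(stored[len(PREFIX):].split("$")[0]) < ITERATIONS
    except ValueError:
        return True
```

A conversion tool would call needs_rehash() on each seed record and write hash_password() output for those that return True.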
